Commit
Merge branch '4.12.0' into hinderjd#1042
japatton authored Mar 18, 2022
2 parents 71e2e35 + cdb2220 commit a76eab0
Showing 26 changed files with 4,478 additions and 4,523 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -3,6 +3,10 @@
## [Unreleased]

* Update PowerSTIG to Parse/Apply Google Chrome STIG - Ver 2, Rel 5: [#1042](https://github.com/microsoft/PowerStig/issues/1042)
* Update PowerSTIG to Parse/Apply Microsoft Office 365 ProPlus STIG - Ver 2, Rel 4: [#1044](https://github.com/microsoft/PowerStig/issues/1044)
* Update PowerSTIG to Parse/Apply Microsoft IIS 8.0 Site STIG V2R5: [#1047](https://github.com/microsoft/PowerStig/issues/1047)
* Update PowerSTIG to Parse/Apply Microsoft IIS 10.0 Site\Server STIG V2R5: [#1046](https://github.com/microsoft/PowerStig/issues/1046)
* Update PowerSTIG to Parse/Apply Microsoft Edge STIG - Ver 1, Rel 4: [#1043](https://github.com/microsoft/PowerStig/issues/1043)
* Update PowerSTIG to Parse/Apply Microsoft Office System 2016 STIG - Ver 2, Rel 2: [#1045](https://github.com/microsoft/PowerStig/issues/1045)
* Update PowerSTIG to successfully parse/apply Canonical Ubuntu 18.04 LTS STIG - V2R6: [#1057](https://github.com/microsoft/PowerStig/issues/1057)
* Fixed: Default Org Settings missing from WindowsServer-2016-DC-2.3.org.default.xml: [#1054](https://github.com/microsoft/PowerStig/issues/1054)
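Review bot: the six new entries spell the same thing three ways ("Parse/Apply" vs "parse/apply", "Ver 2, Rel 5" vs "V2R5", and "Site\Server" with a backslash where the IIS 8.0 entry uses "Site" alone); pick one form, e.g. `Update PowerSTIG to parse/apply Microsoft IIS 10.0 Site/Server STIG V2R5`, so the release notes read consistently. The entries also say nothing about the rules this merge nulls out or re-types in the .log files (the `*::.` entries and the Absent-to-Present change on V-223288 further down), which is exactly the kind of behaviour change a consumer upgrading would want called out here.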
@@ -18,3 +18,4 @@ V-235728::NetworkPredictionOptions::"NetworkPredictionOptions"
V-235729::HKLM\SOFTWARE\Policies\Microsoft\Edge\Recommended::HKLM\SOFTWARE\Policies\Microsoft\Edge
V-235767::PaymentMethodQueryEnabled::"PaymentMethodQueryEnabled"
V-235769::UserFeedbackAllowed::"UserFeedbackAllowed"
V-251694::*::.
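Review bot: `V-251694::*::.` replaces the whole check text of V-251694 with a single `.`, with nothing recording why this rule is being taken out of automated parsing; the same pattern is used for V-214484 in the IIS 8.0 Site log further down. A line in the CHANGELOG (or a comment convention in the .log file, if the parser tolerates one) saying which rules are intentionally downgraded to manual review would save the next maintainer from reading it as a mistake.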

@@ -1,11 +1,11 @@
V-223293::If the value for allow user locations::If the value for "allow user locations"
V-223360::If the value allowuserstolowerattachments::If the value for allowuserstolowerattachments
V-223288::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Absent'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security'; ValueName = 'UFIControls'; ValueType = 'String'}
V-223288::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security';ValueData = $null; ValueName = 'UFIControls'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 6"}
V-223291::If the value defaultencryption12::If the value for defaultencryption12
V-223291::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security'; ValueName = 'defaultencryption12'; ValueType = 'String'; ValueData = "Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256"}
V-223292::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Common\Security'; ValueName = 'OpenXMLEncryption'; ValueType = 'String'; ValueData = "Microsoft Enhanced RSA and AES Cryptographic Provider,AES 256,256"}
V-223295::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\keycupoliciesmsvbasecurity'; ValueName = 'LoadControlsInForms' ;ValueType = 'Dword'; ValueData = 1}
V-223354::HKCU\software\policies\ microsoft\office\ 16.0\outlook\options\mail::HKCU\software\policies\microsoft\office\16.0\outlook\options\mail
V-223295::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\vba\security'; ValueName = 'LoadControlsInForms' ;ValueType = 'Dword'; ValueData = '1'}
V-223354::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\options\mail'; ValueName = 'Internet' ;ValueType = 'Dword'; ValueData = '0'}
V-223356::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security'; ValueData = $null; ValueName = 'minenckey'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 168 or greator"}
V-223362::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Absent'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security'; ValueName = 'FileExtensionsRemoveLevel1' ;ValueType = 'Dword'}
V-223363::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Absent'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security'; ValueName = 'FileExtensionsRemoveLevel2' ;ValueType = 'Dword'}
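Review bot: the new V-223288 line flips Ensure from 'Absent' to 'Present', changes ValueType from 'String' to 'Dword', and makes the value org-configurable (ValueData = $null, OrganizationValueTestString = "{0} is 6"); that is a semantic change to what the rule enforces, so it needs a matching entry in the Office org.default.xml (this merge's own CHANGELOG flags a missing org default as a bug, #1054) and a CHANGELOG line. Two smaller points in the same hunk: the unchanged V-223356 line carries the typo "168 or greator" in its OrganizationValueTestString, and that string is what ends up in the generated org-settings comment (compare the `<!-- Ensure ... -->` comments in the IIS 10.0 org xml below), so fix it while the file is open; and the V-223295/V-223354 lines with Ensure = 'Present' quote Dword data as '1'/'0' while the other V-223295 line in this hunk uses the bare number 1; pick one style.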
@@ -16,18 +16,23 @@ V-223403::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ke
V-223402::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security\ProtectedView'; ValueData = $null; ValueName = 'DisableInternetFilesInPV'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 0|DoesNotExist"}
V-223401::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'WordBypassEncryptedMacroScan'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 0|DoesNotExist"}
V-223388::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security\FileValidation'; ValueData = $null; ValueName = 'openinprotectedview'; ValueType = 'Dword';OrganizationValueTestString = "{0} is 1|DoesNotExist"}<splitrule>HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security\FileValidation'; ValueData = "1"; ValueName = 'DisableEditFromPV'; ValueType = 'Dword'}
V-223351::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'; ValueName = 'junkmailprotection'; ValueType = 'String'; ValueData = "High"}
V-223351::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'; ValueName = 'junkmailprotection'; ValueType = 'String'; ValueData = "3"}
V-223346::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security'; ValueData = $null; ValueName = 'authenticationservice'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 16(decimal)|10(hex)"}
V-223342::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileValidation'; ValueData = $null; ValueName = 'openinprotectedview'; ValueType = 'Dword';OrganizationValueTestString = "{0} is 1|DoesNotExist"}<splitrule>HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\FileValidation'; ValueData = "1"; ValueName = 'DisableEditFromPV'; ValueType = 'Dword'}
V-223341::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\ProtectedView'; ValueData = $null; ValueName = 'DisableUnsafeLocationsInPV'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 0|DoesNotExist"}
V-223340::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security\ProtectedView'; ValueData = $null; ValueName = 'DisableInternetFilesInPV'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 0|DoesNotExist"}
V-223335::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'webservicefunctionwarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 1|DoesNotExist"}
V-223333::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'excelbypassencryptiedmacrosscan'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 1|DoesNotExist"}
V-223332::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = "1"; ValueName = 'extensionhardening'; ValueType = 'Dword'}
V-223331::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Options'; ValueData = "1"; ValueName = 'disableautorepublishwarning'; ValueType = 'Dword'}
V-223332::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = "2"; ValueName = 'extensionhardening'; ValueType = 'Dword'}
V-223331::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Options'; ValueData = "0"; ValueName = 'disableautorepublishwarning'; ValueType = 'Dword'}
V-223282::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Access\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223359::HKCU\software\policies\microsoft\office\16.0\ outlook\security::HKCU\software\policies\microsoft\office\16.0\outlook\security
V-223355::HKCU\software\policies\microsoft\office\16.0\ outlook\security::HKCU\software\policies\microsoft\office\16.0\outlook\security
V-223358::HKCU\software\policies\microsoft\office\16.0\ outlook\security::HKCU\software\policies\microsoft\office\16.0\outlook\security
V-223339::HKCU\software\polices\microsoft\office\16.0\excel\security\protectedview::HKCU\software\policies\microsoft\office\16.0\excel\security\protectedview
V-223338::HKCU\keycuexcelexternalcontent::HKCU\SOFTWARE\Policies\Microsoft\office\16.0\excel\security\external content
V-223359::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'adminsecuritymode' ;ValueType = 'Dword'; ValueData = '3'}
V-223355::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'publishtogaldisabled' ;ValueType = 'Dword'; ValueData = '1'}
V-223358::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Ensure = 'Present'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\security'; ValueName = 'usecrlchasing' ;ValueType = 'Dword'; ValueData = '1'}
V-223376::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Project\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223377::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\powerpoint\security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223311::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223392::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Publisher\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223393::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Visio\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223417::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security'; ValueData = $null; ValueName = 'vbawarnings'; ValueType = 'Dword'; OrganizationValueTestString = "{0} is 2|3|4"}
V-223309::*::HardCodedRule(RegistryRule)@{DscResource = 'RegistryPolicyFile'; Key = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common\COM Compatibility'; ValueData = 'Block all Flash activation'; ValueName = 'COMMENT'; ValueType = 'String'}
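Review bot: three value changes in this hunk alter what gets enforced without a pointer to the STIG text that justifies them: V-223351 junkmailprotection goes from "High" to "3" but keeps ValueType = 'String' (if the STIG check reads a numeric level, confirm whether the registry value is really REG_SZ "3" or a Dword), V-223332 extensionhardening goes from "1" to "2", and V-223331 disableautorepublishwarning goes from "1" to "0". A CHANGELOG line per flip, or the STIG rule text quoted in the PR, would make these reviewable. Two further checks: the ValueName 'excelbypassencryptiedmacrosscan' on V-223333 looks misspelled next to 'WordBypassEncryptedMacroScan' on V-223401, so verify it against the STIG check text rather than assuming the spelling is the STIG's; and V-223309 is the only HKEY_LOCAL_MACHINE rule in a file of HKCU policies and writes a String named 'COMMENT' with the text 'Block all Flash activation', which reads like a descriptive marker rather than a setting that changes COM activation behaviour, so confirm that is the value the STIG actually checks.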

This file was deleted.

Expand Up @@ -2,3 +2,5 @@
V-218735::System Administrator::""
V-218754::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length documented and approved by the ISSO, this is a finding.::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length approved by the ISSO, this is a finding.
V-218763::*::HardCodedRule(WebConfigurationPropertyRule)@{DscResource = 'xWebConfigKeyValue'; Key = 'timeout'; Value = $null; OrganizationValueTestString = "'{0}' -le '00:15:00'"; ConfigSection = '/system.web/sessionState'}
V-218775::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = $null; OrganizationValueTestString = "'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'"}
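Review bot: the V-218775 line puts prose into OrganizationValueTestString ("'{0}' 'Value must contain Time and Schedule but can contain Requests, ...'") where the V-218763 line above it puts an evaluable PowerShell expression ("'{0}' -le '00:15:00'"). If that field is evaluated anywhere to validate the org-supplied value, the prose form will fail or silently pass; if it is only surfaced as a comment in the org.default.xml, fine, but then the must-contain part could still be expressed as a test, e.g. "'{0}' -match 'Time' -and '{0}' -match 'Schedule'". Also, `V-218735::System Administrator::""` strips a phrase from the check text with no hint of why; a word in the CHANGELOG would help.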

@@ -0,0 +1,5 @@
V-218751::System Administrator::""
V-218735::System Administrator::""
V-218754::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length documented and approved by the ISSO, this is a finding.::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length approved by the ISSO, this is a finding.
V-218763::*::HardCodedRule(WebConfigurationPropertyRule)@{DscResource = 'xWebConfigKeyValue'; Key = 'timeout'; Value = $null; OrganizationValueTestString = "'{0}' -le '00:15:00'"; ConfigSection = '/system.web/sessionState'}
V-218775::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = $null; OrganizationValueTestString = "'{0}' 'Value must contain Time and Schedule but can contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory'"}
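Review bot: this new five-line file repeats, line for line, the entries of the .log file in the previous hunk (V-218735, V-218754, V-218763, V-218775) and adds only `V-218751::System Administrator::""`. If the two files are the per-release logs for successive STIG versions that is expected, but the older one was edited in this same merge, so the two will drift; confirm the older file really needed the new lines, and if V-218751 also exists in that release give it the same treatment there, otherwise leave the older log alone.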

@@ -1,3 +1,5 @@
V-214465::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length documented and approved by the ISSO, this is a finding.::If the "maxAllowedContentLength" value is not explicitly set to "30000000" or less or a length approved by the ISSO, this is a finding.
V-214444::System Administrator::""
V-214448::*::HardCodedRule(IISLoggingRule)@{DscResource = 'xWebsite'; LogFlags = $null; OrganizationValueTestString = "'{0}' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'"}
V-214484::*::.
V-214488::*::HardCodedRule(WebAppPoolRule)@{DscResource = 'xWebAppPool'; Key = 'logEventOnRecycle'; Value = "'Time,Schedule'"}
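Review bot: V-214488 hard-codes logEventOnRecycle as Value = "'Time,Schedule'" with single quotes nested inside the double quotes; depending on how the Value string is consumed, the DSC resource may receive the literal quote characters as part of the value, so check the rendered xml for this rule. It is also handled differently from the IIS 10.0 equivalent V-218775 in the hunks above, which leaves the value org-configurable (Value = $null plus an OrganizationValueTestString saying the value may also contain Requests, Memory, IsapiUnhealthy, OnDemand, ConfigChange, PrivateMemory); if the IIS 8.0 check text allows the same extras, the org-configurable form fits better here too. `V-214484::*::.` silently removes that rule from automated parsing; see the earlier comment on V-251694.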

@@ -5,7 +5,7 @@
Each setting in this file is linked by STIG ID and the valid range is in an
associated comment.
-->
<OrganizationalSettings fullversion="2.3">
<OrganizationalSettings fullversion="2.5">
<!-- Ensure ''V-218785'' LogFlags must contain at a minimum Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer'-->
<OrganizationalSetting id="V-218785" LogCustomFieldEntry="" LogFlags="Date,Time,ClientIP,UserName,Method,UriQuery,HttpStatus,Referer" LogFormat="" LogPeriod="" LogTargetW3C="" />
<!-- Ensure ''V-218805.a'' -le '00:20:00'-->
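Review bot: the fullversion bump from 2.3 to 2.5 is the only change here, which is fine, but the V-218785 comment on the unchanged line beneath it has unbalanced quoting (`''V-218785'' LogFlags must ... Referer'`: a doubled opening quote and a stray closing one), inherited from how the OrganizationValueTestString is written in the IIS .log files (compare the V-214448 line above); fixing the test string at the source would fix every generated comment.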
@@ -1,4 +1,4 @@
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R3_Manual-xccdf.xml" releaseinfo="Release: 3 Benchmark Date: 23 Jul 2021 3.2.2.36079 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.3" created="8/23/2021">
<DISASTIG version="2" classification="UNCLASSIFIED" customname="" stigid="IIS_10-0_Server_STIG" description="This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil." filename="U_MS_IIS_10-0_Server_STIG_V2R5_Manual-xccdf.xml" releaseinfo="Release: 5 Benchmark Date: 27 Jan 2022 3.2.2.36079 1.10.0" title="Microsoft IIS 10.0 Server Security Technical Implementation Guide" notice="terms-of-use" source="STIG.DOD.MIL" fullversion="2.5" created="2/17/2022">
<DocumentRule dscresourcemodule="None">
<Rule id="V-218784" severity="medium" conversionstatus="pass" title="SRG-APP-000015-WSR-000014" dscresource="None">
<Description>&lt;VulnDiscussion&gt;Logging onto a web server remotely using an unencrypted protocol or service when performing updates and maintenance is a major risk. Data, such as user account, is transmitted in plaintext and can easily be compromised. When performing remote administrative tasks, a protocol or service that encrypts the communication channel must be used.
@@ -337,25 +337,18 @@ If the TLS version is not TLS 1.2 or higher, according to NIST SP 800-52, or if
<OrganizationValueRequired>False</OrganizationValueRequired>
<OrganizationValueTestString />
<RawString>Access the IIS 10.0 Web Server.

Open IIS Manager.

Click the IIS 10.0 web server name.

Click on HSTS.

Verify “Enable” is checked, and Max-Age is set to something other than “0”.

Verify “IncludeSubDomains” and “Redirect HTTP to HTTPS” are checked.

Click "OK".

If HSTS has not been enabled, this is a finding.
Open on Configuration Editor under Management.
For the Section, navigate to system.applicationHost/sites.
Expand siteDefaults and HSTS.
If enabled is not set to True, this is a finding.
If includeSubDomains is not set to True, this is a finding.
If max-age is not set to a value greater than 0, this is a finding.
If redirectHttpToHttps is not True, this is a finding.

If the website is behind a load balancer or proxy server, and HSTS enablement is handled there, this is Not Applicable.

The recommended max age is 8 minutes (480 seconds) or greater. Any value greater than 0 is not a finding.

If the version of Windows Server does not natively support HSTS, this is not a finding.</RawString>
</Rule>
<Rule id="V-228572" severity="medium" conversionstatus="pass" title="SRG-APP-000141-WSR-000075" dscresource="None">
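Review bot: the new RawString turns the HSTS check from an IIS Manager click path into four concrete properties under system.applicationHost/sites (siteDefaults/HSTS: enabled, includeSubDomains, max-age greater than 0, redirectHttpToHttps), yet the rule stays dscresource="None" with OrganizationValueRequired False, i.e. a manual/document rule. Those four properties are exactly what a WebConfigurationPropertyRule-style check (as used for V-218763 in the IIS 10.0 Site log) could test, so this looks like a candidate for automation in a follow-up; if it is kept manual on purpose (the text still carries the Not Applicable case for load balancers and the "does not natively support HSTS" exemption, both hard to evaluate on-box), a short CHANGELOG note saying so would help.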